Baidu is the most popular search engine in China, so even a few minutes of down time will cost the company a lot of money and frustrate a lot of users. Last month Baidu.com went down for five hours due to a hack. Instead of seeing the standard Baidu.com, users were presented with a page about the Iranian Cyber Army.

How could such a popular site be hacked so easily? Baidu’s own security apparently wasn’t to blame; the weak point was the domain registrar responsible for the Baidu.com domain.

Baidu made the accusation against domain registrar Register.com last month, but at the time the details of the complaint could not be seen because it had been redacted. The complaint has now been made available, and it alleges some major oversights on the part of Register.com. If true, the hacker must have been surprised at how easy it was to take control of the domain.

According to Baidu this is what happened:

1. The hacker contacts Register.com through a live chat session, pretending to be an employee of Baidu.com.

2. The Register.com representative carries out a security check over live chat. The hacker fails it, so the representative e-mails a security code to the registered Baidu.com e-mail account.

3. The hacker does not have access to that account, so makes up a security code and supplies it to the representative via the live chat session.

4. The representative does not check the security code and accepts it as correct.

5. Now believing the hacker is a legitimate Baidu employee, the representative changes the registered e-mail address to a new one provided by the hacker, in this case antiwahabi2008@gmail.com.

6. With his own e-mail address now registered against the domain, the hacker performs a password reset, giving him control over the domain.

7. The hacker redirects Baidu.com to the Iranian Cyber Army page.

Register.com denies that this is what happened and is preparing for the legal action Baidu.com is taking against it. Five hours of downtime means lost revenue, and Baidu intends to reclaim it from Register.com.

If those turn out to be the events that happened, then Register.com will be taken to the cleaners by Baidu in court. Domain names are now such an important part of many business operations that they need to be handled in a secure environment by competent staff. I can only imagine how much revenue Baidu lost from losing control of its domain for five hours, but they will be going after Register.com for damages as well as lost revenue.

The way to stop this happening again is to take that power out of the hands of the domain company’s representatives. Checking the security code should have been handled by an automated system, which would have flagged the mismatch to the representative and blocked them from making the change. In this case the representative held all the power and trust, and clearly should not have.
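To make the point concrete, here is an added example (not code from the article or from any registrar) of what "the system, not the representative, checks the code" looks like. It models a registrar’s change-of-contact-e-mail workflow with a constructed domain: the code is generated and e-mailed by the system, only a hash of it is stored, and the change function has no input by which a representative can vouch for a caller, so a made-up code is rejected and the change is blocked. The class names, the 15-minute validity window and the three-attempt cap are illustrative assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed model of a registrar's "change registrant contact e-mail" step.
# Class names, limits and field layout are assumptions for illustration only.
CODE_TTL_SECONDS = 15 * 60   # assumed validity window for an e-mailed code
MAX_ATTEMPTS = 3             # assumed cap on wrong guesses per issued code


@dataclass
class Domain:
    name: str
    contact_email: str


@dataclass
class PendingCode:
    code_hash: bytes     # only a hash of the code is kept server-side
    sent_to: str         # the address on file when the code was issued
    expires_at: float
    attempts: int = 0


class Registrar:
    """A representative can trigger issue_code() and change_contact_email(),
    but never sees the code and cannot mark a check as passed by hand."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.domains = {}    # domain name -> Domain
        self.pending = {}    # domain name -> PendingCode
        self.outbox = []     # (recipient, code) pairs; stands in for e-mail
        self.audit = []      # human-readable trail of what the system did

    def issue_code(self, domain_name):
        """Generate a random code and e-mail it to the address on file."""
        domain = self.domains[domain_name]
        code = f"{secrets.randbelow(10**8):08d}"
        self.pending[domain_name] = PendingCode(
            code_hash=hashlib.sha256(code.encode()).digest(),
            sent_to=domain.contact_email,
            expires_at=self.clock() + CODE_TTL_SECONDS,
        )
        self.outbox.append((domain.contact_email, code))
        self.audit.append(f"{domain_name}: code sent to {domain.contact_email}")

    def _verify_code(self, domain_name, supplied):
        """Machine check: expiry, attempt cap, constant-time compare, single use."""
        pending = self.pending.get(domain_name)
        if pending is None:
            return False
        if self.clock() > pending.expires_at:
            del self.pending[domain_name]
            self.audit.append(f"{domain_name}: code expired")
            return False
        pending.attempts += 1
        if pending.attempts > MAX_ATTEMPTS:
            del self.pending[domain_name]
            self.audit.append(f"{domain_name}: too many attempts, code revoked")
            return False
        supplied_hash = hashlib.sha256(supplied.strip().encode()).digest()
        if not hmac.compare_digest(supplied_hash, pending.code_hash):
            return False
        del self.pending[domain_name]   # a code is accepted at most once
        return True

    def change_contact_email(self, domain_name, supplied_code, new_email):
        """Apply the change only when the system's own check passes."""
        if not self._verify_code(domain_name, supplied_code):
            self.audit.append(f"{domain_name}: change to {new_email} BLOCKED")
            return False
        self.domains[domain_name].contact_email = new_email
        self.audit.append(f"{domain_name}: contact e-mail changed to {new_email}")
        return True


def replay_scenario():
    """Replay the steps above against the hardened workflow on a constructed
    domain and return the outcomes."""
    reg = Registrar()
    reg.domains["example.test"] = Domain("example.test", "admin@example.test")
    # Caller fails the chat questions, so the representative triggers a code.
    reg.issue_code("example.test")
    real_code = reg.outbox[-1][1]
    # Caller has no access to the mailbox and reads out a made-up code.
    guess = f"{(int(real_code) + 1) % 10**8:08d}"   # guaranteed wrong for the demo
    blocked = reg.change_contact_email("example.test", guess, "attacker@example.test")
    # The real mailbox owner uses the e-mailed code and succeeds.
    accepted = reg.change_contact_email("example.test", real_code, "new-admin@example.test")
    # A second use of the same code is refused.
    replayed = reg.change_contact_email("example.test", real_code, "attacker@example.test")
    return {
        "guess_blocked": not blocked,
        "legit_accepted": accepted,
        "replay_blocked": not replayed,
        "contact_email": reg.domains["example.test"].contact_email,
        "audit": reg.audit,
    }
```

The design choice worth noting is that `change_contact_email` takes only the domain, the code and the new address: there is no "representative verified the caller" flag, so the only way the change goes through is for whoever holds the mailbox on file to read back the code the system sent. The audit trail records the blocked attempt, which is what should have alerted staff in the incident described above.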

Reader Comments

adamant

Although it sounds a bit conspiratorial, it is entirely possible that Baidu.com deliberately orchestrated the event in order to establish a cause for litigation.

Baidu.com is a wholly owned entity of the Chinese Gov’t (as I understand it), so this may be another chapter in China’s efforts to flex its muscle on the internet. If this episode gives China authority or cause to take control of registrar duties for any portion of the internet, then it ultimately serves their expressed interest in controlling distribution of information.